Earlier this year, the entire staff at Atlantic Media received an email with a link to reverify their Google Apps account. It was a phishing attempt. Not by a malicious attacker, but the company's Chief Technology Officer Tom Cochran. He wanted to see just how vulnerable the company would be to a well-crafted phishing attack. The result? 58 percent of the company clicked on the link in the first two hours. As Cochran put it in a (legitimate) follow-up email to the staff, "All it takes is one stolen password and we are hacked."
It's not just your personal information that's at risk with email phishing, it's entire companies. And these attacks are happening with more frequency and intensity, the Los Angeles Times reports:
The sophisticated attacks are targeting the likes of attorneys, oil executives and managers at military contractors. The phishers are increasingly trying to get proprietary documents and pass codes to access company and government databases.
Nearly every incident of online espionage in 2012 involved some sort of a phishing attack, according to a survey compiled by Verizon Communications Inc., the nation's largest wireless carrier.
Several recent breaches at financial institutions, media outlets and in the video game industry have started with someone's log-in information being entered on a false website that was linked to in an email.
According to a report from RSA, a leading digital security organization, there were about 37,000 phishing attacks identified each month in 2012. But it's not just costing companies and individuals information. Worldwide phishing attacks lead to financial loses of $1.5 billion last year.
The best advice: If you're not 100 percent sure about a link, don't click it. It's not worth the potential loses to yourself or your company.
Read more: Los Angeles Times
This post was originally published on Smartplanet.com